Add missing compilation guards for GCM and CCM

Add missing compilation guards that broke the build if either GCM or
CCM was not defined.

Add missing guards on test cases that require GCM or CBC.

The build and tests now pass for any subset of {MBEDTLS_CCM_C,
MBEDTLS_GCM_C}. There are still unused variables warnings if neither
is defined.

library/psa_crypto.c

@@ -3146,7 +3146,7 @@ static void psa_aead_abort( aead_operation_t *operation )
             mbedtls_ccm_free( &operation->ctx.ccm );
             break;
 #endif /* MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CCM_C)
+#if defined(MBEDTLS_GCM_C)
         case PSA_ALG_GCM:
             mbedtls_gcm_free( &operation->ctx.gcm );
             break;
@@ -3259,6 +3259,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
     }
     tag = ciphertext + plaintext_length;
 
+#if defined(MBEDTLS_GCM_C)
     if( operation.core_alg == PSA_ALG_GCM )
     {
         status = mbedtls_to_psa_error(
@@ -3270,7 +3271,10 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
                                        plaintext, ciphertext,
                                        operation.tag_length, tag ) );
     }
-    else if( operation.core_alg == PSA_ALG_CCM )
+    else
+#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CCM_C)
+    if( operation.core_alg == PSA_ALG_CCM )
     {
         status = mbedtls_to_psa_error(
             mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
@@ -3282,6 +3286,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key,
                                          tag, operation.tag_length ) );
     }
     else
+#endif /* MBEDTLS_CCM_C */
     {
         return( PSA_ERROR_NOT_SUPPORTED );
     }
@@ -3339,6 +3344,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
     if( status != PSA_SUCCESS )
         return( status );
 
+#if defined(MBEDTLS_GCM_C)
     if( operation.core_alg == PSA_ALG_GCM )
     {
         status = psa_aead_unpadded_locate_tag( operation.tag_length,
@@ -3356,7 +3362,10 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
                                       tag, operation.tag_length,
                                       ciphertext, plaintext ) );
     }
-    else if( operation.core_alg == PSA_ALG_CCM )
+    else
+#endif /* MBEDTLS_GCM_C */
+#if defined(MBEDTLS_CCM_C)
+    if( operation.core_alg == PSA_ALG_CCM )
     {
         status = psa_aead_unpadded_locate_tag( operation.tag_length,
                                                ciphertext, ciphertext_length,
@@ -3374,6 +3383,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
                                       tag, operation.tag_length ) );
     }
     else
+#endif /* MBEDTLS_CCM_C */
     {
         return( PSA_ERROR_NOT_SUPPORTED );
     }

tests/suites/test_suite_psa_crypto.data

@@ -1770,19 +1770,19 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
 generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS
 
 PSA generate key: AES, 128 bits, GCM
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
 generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_SUCCESS
 
 PSA generate key: DES, 64 bits, CBC-nopad
-depends_on:MBEDTLS_DES_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS
 
 PSA generate key: DES, 128 bits, CBC-nopad
-depends_on:MBEDTLS_DES_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 generate_key:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS
 
 PSA generate key: DES, 192 bits, CBC-nopad
-depends_on:MBEDTLS_DES_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 generate_key:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS
 
 PSA generate key: invalid key size: AES, 64 bits